Ansible Infrastructure Automation

March 2022

Massimo Ferrari Nuno Martins

Consulting Product Manager Principal Technical Marketing Manager
Ansible Automation Platform Ansible Automation Platform
 Agenda
Ansible Infrastructure Automation

● What is Ansible infrastructure automation?

○ How does it work?
○ Reference architecture
○ Infrastructure automation
○ Use cases
● Hosted Services for Infrastructure Automation
● Where to go next

3
 Datacenter automation and management benefits

Why automate your infrastructure?

Simplify administration in an open hybrid cloud

Leverage automated, repeatable built-in Consistently deploy systems across complex

management workflows hybrid infrastructure

Close any admin expertise gaps and Ensure configuration and mitigate risk by
overcome lack of resources automating system setup

Reduce time spent analyzing and Spend less time on persistent security
validating OS security patches settings with security at scale

4
 Infrastructure
Automation
Overview

5
 What is Ansible infrastructure automation?

CLOUD SECURITY

Ansible infrastructure automation is our content domain focused on

operating systems and enterprise applications automation. The goal is
STORAGE NETWORK
to provide operations teams with the ability to streamline their
processes, simplify their daily tasks, and reduce potential human error.
This greatly reduces both time and effort in managing infrastructure.

Ansible infrastructure collections are sets of Certified Content

Collections designed to ensure configuration and management is
consistent as well as reduce human error and manual processes.
Infrastructure Defined

Bare Private Public

Edge Virtualization
metal clouds clouds
 Certified Collections for Red Hat Enterprise Linux
System Roles Satellite Insights SSO
Sets of Roles for Modules and Role for Modules and Roles to Roles for installation of
managing Red Hat installation, Satellite configure and deploy Red Hat Single Sign On
Enterprise Linux System management as well as Insights client on Red and keycloak
Components modules to interact with Hat Enterprise Linux
the Satellite API. Hosts

IDM SAP Jboss EAP Windows

Modules and Roles to Modules and Roles to Roles to install, Modules to configure
deploy FreeIPA server as deploy SAP on Red Hat configure and maintain and manage Windows
well as user, group and Enterprise Linux as well Jboss EAP ,Java JEE hosts
topology management as Day 2 operations Appserver Wildfly and
Tomcat

Certified Collections
 Datacenter Use
Cases

9
 Infrastructure use cases

Provisioning Configuration Management Day 2 Ops

Operating System Provisioning Day 1: SSH Server Configuration SAP Day 2 Automation

Enterprise Application Provisioning Infrastructure Compliance

Kernel Configuration
with SQL & SAP
 Provisioning

11
Red Hat Ansible Infrastructure Automation

Kickstart Callback Provisioning

Why is it important?
● Kickstart is used to provision Red Hat hosts
● Kickstart and Ansible can complement each other and reduce silos in
infrastructure operations

Why Ansible Automation Platform?

● Callback provisioning allows for new hosts to trigger configuration
changes from automation controller
● Satellite can be used as a dynamic inventory source
● Configuration is not limited to the host but can be extended to
12
network and other infrastructure systems.
 Satellite Kickstart callback provisioning

Automation Controller Satellite New Host

● Configure dynamic inventory ● Configure Host Group for

● Provisioned hosts should
source for Satellite provisioning
have
● Create and configure /etc/systemd/system/ansi
● Configure template to allow
parameters: ble-callback.service
callback provisioning
ansible_host_config_key
● Once provisioned check
● Configure Host Config Key ansible_job_template_id
the job in automation
and record template ID ansible_tower_fqdn
controller and verify the
ansible_tower_provisioning
limit was set to the host
● Configure Host Config Key deployed
and record template ID

13
Red Hat Ansible Infrastructure Automation

Deploying SQL Server

Why is it important?
● MS SQL Server on Red Hat Enterprise Linux offers a fast and reliable
platform
Automation Services ● Environment consistency regardless of on-premise or cloud
Catalog
deployments for your applications

Why Ansible Automation Platform?

● Automation Services Catalog allows you to present MS SQL Server
installation and configuration to your developers as automation they
can consume
14
● Ansible vault can encrypt sensitive database details and variables
 Configure network services for MS SQL Server

- name: Configure network bond with network system role

hosts: all
roles:
- redhat.rhel_system_roles.network

- name: Open firewall for Microsoft SQL Server

hosts: all
tasks:
- firewalld:
port: 1433/tcp
permanent: yes
immediate: yes
state: enabled

15
 Customise your deployment with role variables

---
- name: configure ms sql server
hosts: rhel_hosts
gather_facts: false

roles:
- role: microsoft.sql.server

…
mssql_accept_microsoft_odbc_driver_17_for_sql_server_eula: true
mssql_accept_microsoft_cli_utilities_for_sql_server_eula: true
mssql_accept_microsoft_sql_server_standard_eula: true

16
mssql_edition: Evaluation
Red Hat Ansible Infrastructure Automation

Deploying SAP with Ansible

Why is it important?
● SAP deployments require administrators with SAP skills
● Deployment of SAP could be complex
● OS prerequisites are needed before deploying

Why Ansible Automation Platform?

● Consumable automation via Services Catalog or API request
● Click and launch deployment experience, no SAP skills required
● Workflows cater for any prerequisites and post-deployment
requirements
17
Preconfigure hosts and deploy SAP HANA

---
- name: prepare and deploy sap hana
hosts: rhel_sap
gather_facts: false
vars:
sap_preconfigure_assert: yes
sap_preconfigure_assert_ignore_errors: yes
sap_hana_preconfigure_assert: yes
sap_hana_preconfigure_assert_ignore_errors: yes

roles:
- role: sap.rhel.preconfigure
- role: sap.rhel.hana_preconfigure
 roles:
Deploying with SAP Collections
- redhat.rhel_system_roles.timesync roles:
- spa.rhel.preconfigure - sap.rhel.hana_preconfigure

Red Hat
Enterprise Linux
Packages
SAP S/4HANA SAP NetWeaver

SAP HANA SAP HANA

sap.rhel
SAP S/4HANA

SAP HANA

SAP NetWeaver

SAP Installer +
Product Packages

roles:
19
- redhat.rhel_system_roles.storage
 Configuration
Management

20
Red Hat Ansible Infrastructure Automation

SSH Server Configuration

Why is it important?
● SSH server is key to secure Red Hat Enterprise Linux systems
● Flexibility to make exceptions for special requirements
● Good intro level use-case for infrastructure engineers

Why Ansible Automation Platform?

● Push button via WebUI
● Easy scheduling for compliance checks
● Surveys allow for quick customization

21
 SSH configuration flexibility with Surveys

---
- name: configure ssh configuration
hosts: all
gather_facts: false

roles:
- role: redhat.rhel_system_roles.ssh

22
Red Hat Ansible Infrastructure Automation

Managing Kernel Settings

Why is it important?
● Kernel settings fine tune performance and security
/proc/sys
/sys
/proc/sys
/sys ● Managing Kernel settings across multiple systems is labor intensive
● Good intro level use-case for infrastructure engineers

Why Ansible Automation Platform?

tuned ● Role based access control prevents unauthorized changes
● Track changes and history of Kernel settings
● Workflows simplify the fine tuning of systems during provisioning
for their workloads
23
 Visualize Kernel Changes in your workflow
- name: system kernel hardening Tune Kernel settings as part of a
hosts: rhel_sap
roles:
workflow to ensure performance
and security compliance
- rhel-system-roles.kernel_settings

24
 Schedule kernel setting compliance checks

25
 Day 2 Operations

26
Red Hat Ansible Infrastructure Automation

Day 2 Automating SAP Tasks

Why is it important?
● SAP Platform Lifecycle Management
● Provides maintenance task automation
● Platform updates

Why Ansible Automation Platform?

● Automate SAP service relocation and system lifecycle
● Schedule SAP maintenance tasks
● Update SAP databases and kernels across your organization

27
 SAP Day 2 Operations

Modules
hana_backup Backup SAP HANA Database

SAP S/4HANA
hana_restore Restore SAP HANA Database backup
SAP HANA
hana_host_allocation Relocate SAP HANA systems

hana_rowstore_reorganise Reorganize HANA database rowstore

to reclaim memory space

sap.day2ops profile_parameter Modify SAP Profile parameters

collection SAP NetWeaver
service Start and stop SAP HANA service
SAP HANA
service_info

system Start and stop SAP

31
 Sample playbook to backup an SAP HANA database

---
tasks:
- name: Create a full HANA backup for SYSTEMDB
sap.day2ops.hana_backup:
sid: RHE
hana_db_system_password: "{{ hana_db_system_password }}"
instance_number: "00"
prefix: MONDAY
db_name: SYSTEMDB
become: yes
become_user: rheadm

32
Red Hat Ansible Infrastructure Automation

Infrastructure Compliance
Why is it important?
● Ensure configuration and services are in desired states
Selinux Enabled
Firewalld Enabled
● Scheduled system checks reduce preventative maintenance
Apache Enabled
● Enables operations teams to focus on system improvements
IIS Enabled
Antivirus Running
Domain Enabled Why Ansible Automation Platform?
● Scheduled automation tasks can be configured
● Declarative configuration management with multiple methods of
notification
● Workflows allow for interaction with ITSM for logging support tickets
33
 Managing datacenter configuration drift

- name: Ensure core services are installed

yum:
name:
- cockpit
- firewalld

- name: Ensure core services are started

loop:
- cockpit.socket
- firewalld.service
systemd:
name: “{{ item }}”
state: started
enabled: true
34
 Datacenter automation incident tracking with ITSM

…
collection:
- servicenow.itsm
tasks:
- name: Create incident
servicenow.itsm.incident:
state: new
caller: "{{ lookup('env', 'SN_USERNAME') }}"
short_description: “System not compliant” ● A non-compliant system incident can be
description: "Whoops! Houston we have a problem " logged automatically in an ITSM like
impact: low
ServiceNow using the servicenow.itsm
urgency: low
register: new_incident certified collection

35
What does Datacenter automation look like ?

Infrastructure console.redhat.com hosted services Datacenter Automation

Remote/Cloud Infrastructure Operator Creator

Insights for Automation

Services Automation
Execution Nodes Ansible
Catalog Hub

Automation Mesh

Local Infrastructure Automation controller Private Automation

Hub

Satellite
 Hosted Services for
Datacenter Automation

37
Red Hat Insights

Red Hat Insights for Ansible

Automation Platform

Rich reporting and advanced analytics to:

● Optimize your automation

● Spot and troubleshoot issues faster
● Plan and proactively measure success

1,000+ 115,000+
Insights draws knowledge
1 million+ Red Hat
from data sources support cases support
base and
solution
such as… personnel
articles
 Top Insights reports for datacenter automation

▶ Hosts changed by template

▶ Templates explorer

▶ Changes made by job template

▶ Module usage by task

▶ Module usage by job template

 Next steps

Where to go next
Learn more

▸ Workshops
▸ Documents
▸ YouTube
▸ Twitter
Get started
▸ Evals
▸ cloud.redhat.com

Get serious

▸ Red Hat Automation Adoption Journey

▸ Red Hat Training
▸ Red Hat Consulting

40
 Learning resources
Continue your automation journey with these infrastructure automation training materials

Workshops: Red Hat Ansible Automation Platform

Training: Red Hat Ansible Automation for SAP (RH045)

Ebook: Automate infrastructure workflows

Whitepaper: Accelerate your path to self-healing infrastructure

42
 Extra Slides

43